Contempothemes

contempothemes

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13421 1Contempothemes 1Real Estate 7 Feb 25, 2025 Feb 12, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected durin...Show more The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.Show less
CVE-2022-47146 1Contempothemes 1Real Estate 7 Nov 21, 2024 Mar 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions.
CVE-2021-24387 1Contempothemes 1Real Estate 7 Nov 21, 2024 Jul 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can...Show more The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user contextShow less